Skip to main content

Need the shared environment model?

Read the Fundamentals page for the shared model, then use this guide for CLI promotion workflows.
Variable promotion lets you move one or more variable keys from a source environment to a target environment through an approval workflow. This keeps environment changes auditable and reviewable while staying inside Ghostable’s zero-knowledge model.

Create a Promotion Request

Run the guided flow: 
ghostable env promote
The CLI will guide you through:
  • selecting source environment,
  • selecting target environment,
  • selecting one or more variable keys,
  • choosing whether to include current values.
include values defaults to false. In this mode, key names are preserved while values are intentionally blank in the request payload.

Scriptable create example

ghostable env promote \
  --source-env local \
  --target-env production \
  --keys APP_URL \
  --keys APP_DEBUG \
  --include-values \
  --yes

Review Pending Requests

List pending requests in the current project: 
ghostable env promote pending
Use guided review: 
ghostable env promote review
Or review a specific request: 
ghostable env promote review <request-id>
Guided review lets you choose:
  • Approve
  • Reject
  • Cancel

Approve, Reject, or Cancel Directly

Approve: 
ghostable env promote approve <request-id>
Approve with override values: 
ghostable env promote approve <request-id> --set APP_URL=https://example.com
Reject: 
ghostable env promote reject <request-id> --reason "Needs updated value source."
Cancel: 
ghostable env promote cancel <request-id> --reason "No longer needed."

Include-Values vs Blank-Values Behavior

  • include values = false: request carries key names with blank values.
  • include values = true: request includes encrypted payloads for current source values when available on your device.
If a source value cannot be decrypted on your current device, approval may require explicit override values (--set KEY=VALUE).

Recovery and Terminal States

  • If create/approve fails due to key-signature access requirements, CLI performs one controlled key-share recovery attempt, then retries once.
  • If a request is already resolved, CLI exits cleanly with explicit status instead of retrying destructively.

Continue

Environment workflows

Return to push, pull, sync, diff, and validation workflows.

Device and key re-share

Review device identity and key re-sharing flows used during recovery paths.

Security controls matrix

Map promotion review controls to audit and operational evidence.